Published by Gervais Harmon. Modified over 8 years ago.
Developing a Network Security Policy
By: Chris Catalano
Security Policy?
Definition:
– A security policy is a formal statement of the rules through which people are given access to an organization’s technology, system, and information assets.
The Need for Security Policy:
Purpose
– The primary purpose of a security policy is to inform users and staff of the requirements for protecting various assets.
– Another purpose is to provide a baseline from which to acquire, configure, and audit computer systems.
Key Principles
– Ensure the confidentiality of the customer’s and your processed data, and prevent unauthorized disclosure or use.
– Ensure the integrity of data processing operations and protect them from unauthorized use.
Designing Your Policy
Things to Consider
– In designing a policy, you need to figure out what you’re actually protecting.
– All data should be considered confidential.
– The cost of keeping things secure shouldn’t be greater than the data’s or object’s value.
Who to Consider
– What you or your company does determines who your threat is.
– Design your security and policy around that threat.
– Most corrupt activity involves someone inside the company or organization; these people are classified as insiders.
– Threats could also come from outsiders.
Protecting Against Insiders
– Spread access across different people
– Layer the employees’ roles
– Monitor activity
The Outsiders
– Realizing what they’re after
– Protecting against Social Engineering
Digital Security
– Layered security
– Security requests
– Limiting access
Physical Security
– ID cards
– Personalized Access to rooms
– Security Cameras
– Centralized Data Centers
Acceptable Use Policy
– This tells the users what they can access on the internet
– What they can and cannot do at work
– Can vary depending on the workplace
Backup and Recovery
– What is backed up and how frequently?
– Is it backed up onsite, offsite, or both?
– Managing the backups
Enforcing Your Policy
– Copies and documentation
– Followed strictly
– What are the punishments for not following the policy?
Policy Management
– Reevaluate your policy
– Ask the company for concerns regarding the current policy
Incident Response Plan
– This is crucial to the “What If” of a security policy
– This involves who gets called for what, who is authorized to shut things down, and who represents this for the company
Summary
– Every company or organization needs to have a network security policy.
– This keeps the company organized, focused, and ready for the worst-case scenario.
– The key thing to remember is people: they are the threat as well as the people with authority.
– Also, you want to keep your policy flexible: too strict a policy won’t be followed, and one that is not strict enough won’t serve its purpose.